L2TP/IPsec is obsolete, itself does NOT provide encryption or confidentiality to traffic passes through it. L2TP/IPsec encapsulates data twice at layer 2, it has pros and cons. See this (may be out-dated) -> https://www.bestvpn.com/blog/4147/pptp-vs-l2tp-vs-openvpn-vs... IKEv{1,2} + IPsec (ESP) (tunnel mode) is recommended. strongSwan is probably the best free, open source IPsec solution out there (much better than libreswan...), good documentation, use cases and examples etc, actively developed and maintained by a group of passionate developers that knows the stuff well.
My employer (pre-IPO startup) has been using strongSwan for 2+ years as site-to-site solution from AWS VPC to on-premises data centres (or other cloud virtual network), proved to be rock solid as long as it's properly configured (pretty much all outages were caused by AWS...) ;-)
The only drawback is that strongSwan currently does NOT have a mature HA solution but it's shaping up (5.4.0 introduced IKEv2 redirect). Hopefully a proper HA solution (not sure if it is something similar to VRRP - curious to know more - PLEASE comment) will be built on top and later productized ;-)
In addition: I myself have been using strongSwan since its 5.0.x for remote access, to protect privacy, fight censorship (yes, originally from China mainland where the infamous GFW is in place...). The native strongSwan client for Android is a killer feature, RSA authentication with X509 certificates works flawlessly with 1 click ;-)
BTW: OpenVPN is SSL VPN, relatively easy to install and configure, that's why it's more popular (remote access). IPsec works at IP layer (layer 3), generally speaking it requires deeper networking knowledge and more experience to get things right. OpenVPN is harder to block as it can disguise as HTTPS (TLS) or other traffic while IPsec requires UDP ports 500 (IKE) and 4500 (NAT-T) to work which is easier to block.
HTH
